Cyber-crime hits U.S. companies hard and often, report says

Cyber-crime costs American companies a median loss of $3.8 million dollars a year, according to a study released today by security firm ArcSight and the Ponemon Institute, a privacy research organization.

The study interviewed data protection and IT practitioners from 45 U.S. organizations from different sectors, who shared details on the volume of threats they face everyday. Over a four-week period, these companies experienced 50 successful attacks per week – that is, more than one successful attack per organization per week.

Losses to cyber-crime ranged from $1 million on the lower end to as much as $52 million, the report said.

“Cyber-crime is common, intrusive, and can have a significant impact on an organization’s bottom line,” the report said.

According to the study, responding to Web attacks, exploits through malicious code and malicious insiders accounted for 90 percent of all cyber-crime costs per organization per year. Those costs mostly came from detection and recovery internal activities, which accounted for 46 percent of annual response expenses.

For example, malicious insider attacks took up to 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day, the report said.